Autodiscover mysteriously stopped working (Exchange 2010)

I had Autodiscover working for months but recently it just stopped. I’m not sure why, but it may be related to removing the last Exchange 2003 servers from service recently. Maybe some setting got wiped from AD when I uninstalled Exchange 2003 (as per the procedure Microsoft gives). Basically what was happening was that the email address field was being autopopulated by the user’s UPN rather than their email address. Since we have a single label domain, the UPN isn’t a valid email address, and autodiscovery fails.

Anyway, I ran Get-AutodiscoverVirtualDirectory and it looks like the autodiscover URL isn’t set. Pretty sure I set this at some point.

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory -server exch2010fe1  | fl InternalUrl,ExternalUrl

InternalUrl :
ExternalUrl :

[PS] C:\Windows\system32>

I just piped this to Set-AutodiscoverVirtualDirectory to correct the problem:

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory -server exch2010fe1  | Set-AutodiscoverVirtualDirectory -ExternalUrl 'https://webmail.example.com/Autodiscover/Autodiscover.xml' -InternalUrl 'https://webmail.example.com/Autodiscover/Autodiscover.xml'
[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory -server exch2010fe1  | fl InternalUrl,ExternalUrl


InternalUrl : https://webmail.example.com/Autodiscover/Autodiscover.xml
ExternalUrl : https://webmail.example.com/Autodiscover/Autodiscover.xml


[PS] C:\Windows\system32>

After resetting the InternalURL and ExternalURL, autodiscover works again (we have SRV records that tell Outlook to look at webmail.example.com for the Autodiscover service).

Hooray!

Microsoft Office 2007's awful user interface

Office 2007 is pretty old by now, and I know much has been written on the move from a “normal” looking app to the “Ribbon” UI. I personally hate the change and feel Microsoft just changed the UI as a way to make the application look “different” so that people will look at it and go “oooh, shiny!” and not feel as bad about being forced into another $400 upgrade of a word processor. Sure, Excel’s row limit was finally raised beyond 64k, and I’m sure there were some other tweaks, but .docx? .xlsx? Yet more file formats, ensuring most businesses will feel compelled to upgrade. If your clients are upgrading, you’re going to have to.

Anyway, that’s all well documented. What may not be is the ridiculous location of the SMTP header info in a message in Outlook. If you want to view this interserver communication, which is invaluable when debugging mail issues, you can either A) right-click the message in the inbox, or B) … Well, in Office 2003, there was a way to do this from within the open message. I didn’t think there was a way to do it from within the message in Outlook 2007, but it turns out there is. It’s just retarded:

WTF?

Dear Microsoft: please drop the “Ribbon” completely and go back to menus, or at least provide that as an option. This UI is awful.

Outlook 2007 & Exchange 2010 Autodiscover SSL certificate error annoyance

One of the more annoying side effects of migrating my mailbox to Exchange 2010 has been the nagging of Outlook 2007’s Autodiscovery feature. Now, every time I start Outlook I get hit with a certificate error for autodiscover.domain.com. Now, autodiscover.domain.com is a CNAME to mail.domain.com, which is the OWA URL for the CAS. The SSL certificate is valid – but it’s valid for mail.domain.com. I could buy an SSL certificate from GoDaddy for $12.99 (an insanely great price, btw) for “autodiscover” but that would also require using another IP address on the CAS (since you can only bind one SSL certificate to an IP:port pair), and that seems like a waste of an IP address.

I found a possible solution in KB 940726. Basically you use this cmdlet to change the Autodiscover URI for internal clients:

Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

You’d replace mail.contoso.com with the external URL of your OWA server (in my case, mail.domain.com). I’ve made the changes but I think I need to wait for AD propagation. Hopefully this will resolve it, because I don’t want to move everyone’s mailboxes over until this thing is “perfect,” whatever that means.

Edit: I also needed to add a SRV record so Outlook would know what host to check for autodiscovery when outside the domain.

Edit 2: Also need to install a hotfix or be running Outlook 2007 SP1 or later for the SRV functionality.

Edit 3: It occurs to me that a simpler fix for this issue may be simply to delete the DNS record for autodiscover entirely. That way, when Outlook attempts to open the SSL connection to autodiscover.domain.com, it gets an NXDOMAIN error and (should) silently skip it. Unfortunately we have wildcard DNS active for our domain.
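
To see ahead of time which Autodiscover lookups will raise the certificate prompt described in this post, the sketch below compares each hostname Outlook may contact against the DNS names on the CAS certificate. It is an added example, not part of the original post or of KB 940726; the function names are hypothetical and the hostnames are constructed from the post's placeholder domain.

```powershell
# Added example: constructed names, not read from a live server.
# Returns $true when $HostName is covered by one certificate DNS name.
function Test-CertNameMatch {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    if ($c.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.domain.com matches
        # mail.domain.com, but not domain.com or a.b.domain.com.
        $dot = $h.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return $h.Substring($dot) -eq $c.Substring(1)
    }
    return $h -eq $c
}

# Lists each place Outlook may look for Autodiscover and whether the
# certificate presented there matches the name Outlook asked for.
function Get-AutodiscoverCertReport {
    param(
        [string]$MailDomain,      # right-hand side of the e-mail address
        [string]$ScpHost,         # host in AutodiscoverServiceInternalUri
        [string]$SrvTarget,       # target of the _autodiscover._tcp SRV record
        [string[]]$CertDnsNames   # subject/SAN DNS names on the CAS certificate
    )
    $candidates = [ordered]@{
        'SCP (internal clients)'        = $ScpHost
        'https://<domain>'              = $MailDomain
        'https://autodiscover.<domain>' = "autodiscover.$MailDomain"
        'SRV target'                    = $SrvTarget
    }
    foreach ($source in $candidates.Keys) {
        $name = $candidates[$source]
        $ok = $false
        foreach ($cn in $CertDnsNames) {
            if (Test-CertNameMatch -HostName $name -CertName $cn) { $ok = $true; break }
        }
        [pscustomobject]@{ Source = $source; HostName = $name; CertMatches = $ok }
    }
}

# Constructed input: one certificate issued for mail.domain.com only.
Get-AutodiscoverCertReport -MailDomain 'domain.com' -ScpHost 'mail.domain.com' `
    -SrvTarget 'mail.domain.com' -CertDnsNames @('mail.domain.com') |
    Format-Table Source, HostName, CertMatches -AutoSize
```

With wildcard DNS in place, the two rows that report CertMatches = False still resolve to a host, which is why the prompt keeps appearing until Outlook reaches the SCP or SRV entry first.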

When single-sign-on isn't.

I’m looking into training courses for Exchange 2010, and to add a course to “My Learning,” which I guess is the equivalent of a shopping cart, I had to sign in with my Live.com ID. I have a Live.com ID because you need one to see your MS licenses and download ISOs, etc. It’s not as seamless as Google’s ID but it seems to work ok most of the time. But here’s an instance where it sucks:

I’m already logged in, why do I need to input all my info again? Including my email address, which was required to login?

Exchange 2010 and Set-ActiveSyncVirtualDirectory Identity

I don’t really know why I put this blog up, but generally I write stuff here after I muddle through some ridiculous problem that may have ended up being easily resolved, but whose solution was hard to find. That’s definitely the case with this post. Currently I’m in the middle of moving my company’s email from Exchange 2003 to Exchange 2010. Microsoft has provided some pretty good documentation on how to do this, but they do assume a certain level of familiarity with the product. For example, I probably spent 30 minutes trying to run Exchange cmdlets in PowerShell before I realized there’s a special shell just for Exchange, the Exchange Management Shell.

Anyway, I’m trying to set up a Client Access Server to replace our Exchange 2003 Outlook Web Access (webmail) system. Again, Microsoft’s walkthrough is pretty good, and everything seemed to be working until I got to section 4c of their instructions:

Exchange ActiveSync: Set-ActiveSyncVirtualDirectory -Identity \Microsoft-Server-ActiveSync -ExternalURL https://mail.contoso.com

For the other examples they provided, I had been replacing with the internal name of my new CAS, “EXCH2010FE1,” so that’s what I attempted to do here as well, however it threw this error:

[PS] C:\Windows\system32>Set-ActiveSyncVirtualDirectory -Identity EXCH2010FE1\Microsoft-Server-ActiveSync -ExternalURL https://webmail.example.com
The operation couldn't be performed because object 'EXCH2010FE1\Microsoft-Server-ActiveSync' couldn't be found on 'activedir.example.com'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-ActiveSyncVirtualDirectory], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : B33731BE,Microsoft.Exchange.Management.SystemConfigurationTasks.SetMobileSyncVirtualDirectory

[PS] C:\Windows\system32>

I racked my brain on this for a while. I discovered the Get-ActiveSyncVirtualDirectory command, hoping it would magically solve the problem (telling me what the “Identity” was), but it didn’t – at least not at first:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -server exch2010fe1

Name                                    Server       InternalUrl
----                                    ------       -----------
Microsoft-Server-ActiveSync (Default... EXCH2010FE1  https://exch2010fe1.example.com/Microsoft-Se...

[PS] C:\Windows\system32>

It was showing me the server, but not the Identity, which is what I wanted. Having never used PowerShell before, I figured there had to be a way to get that property out of the command, but I had no idea what it was. Some more Googling finally helped me resolve it:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -server exch2010fe1 | Select-Object Identity

Identity
--------
EXCH2010FE1\Microsoft-Server-ActiveSync (Default Web Site)

[PS] C:\Windows\system32>

Once I supplied “EXCH2010FE1\Microsoft-Server-ActiveSync (Default Web Site)” for the Identity parameter the command completed correctly. I also tried piping the Get-ActiveSyncVirtualDirectory command directly to Set-ActiveSyncVirtualDirectory, like this:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -Server exch2010fe1 | Set-ActiveSyncVirtualDirectory -ExternalURL https://webmail.example.com

This appeared to execute successfully, but I don’t know if it actually did what I intended, so I stuck with specifying the identity manually.

The Exchange 2010 CAS is properly redirecting users to legacy.example.com, but ActiveSync isn’t working (I’m testing with my iPhone), so I guess the problem I was having above wasn’t the source of all my ills, sadly. The battle continues…

Hygiene Management?

I’m installing Exchange 2010 and in the docs it shows a bunch of groups that get created in the AD Schema during the domain prep part. After running prep, I looked to see if the groups were there, and sure enough they were (yay). What caught my eye was that one of the groups is called Hygiene Management. I thought maybe this was an Easter Egg from MS, but apparently it’s just the name of the group of people who can manage the Exchange antivirus/antispam features. Still funny though.

Generate a report of Exchange mailbox sizes broken out by department and location

I found a script a few months ago that generated a CSV report of mailbox size, which included the Mailbox Name (usually the user’s name), size in Kbytes, number of items, which server it’s on, etc. This was very helpful, but I wanted to see which department within the company used the most space on the mail server, and the department wasn’t one of the pieces of data included in the report. It took a while but I figured out how to do LDAP lookups in vbscript and was able to add that info, so the report now has the user’s department, office location, and quota limit in it as well as the other fields. This makes it very easy to do a PivotChart in Excel to generate a pie chart of the size by department. The script is attached – change the extension to .vbs to run it. You’ll need to plug in your Exchange server and domain controller where the placeholders currently are.

EmailSizeByDepartment.vbs

Moving an Exchange 2003 server to another location with minimal risk and disruption?

So our Exchange server is located in our office building. This made sense at the time because that’s where the users are. Over time though, this has proved problematic for a few reasons. Primarily, our office is certainly not a datacenter and doesn’t offer the amenities of one – clean, reliable power, and redundant cooling. In an average year we lose power probably 10-15 times, often for an hour or more. The rest of our production environment is hosted in a top-tier datacenter, so after a while I started to wonder why our Exchange server wasn’t there, and making plans to move it there. Oh, and did I mention I’m not an Exchange admin in any sense of the term? I just inherited the Exchange server about 2 months ago.
